1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    *
5    *
6    *
7    * The contents of this file are subject to the terms of the Liferay Enterprise
8    * Subscription License ("License"). You may not use this file except in
9    * compliance with the License. You can obtain a copy of the License by
10   * contacting Liferay, Inc. See the License for the specific language governing
11   * permissions and limitations under the License, including but not limited to
12   * distribution rights of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.servlet.filters.autologin;
24  
25  import com.liferay.portal.NoSuchUserException;
26  import com.liferay.portal.kernel.log.Log;
27  import com.liferay.portal.kernel.log.LogFactoryUtil;
28  import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
29  import com.liferay.portal.kernel.util.GetterUtil;
30  import com.liferay.portal.kernel.util.InstancePool;
31  import com.liferay.portal.kernel.util.ListUtil;
32  import com.liferay.portal.kernel.util.StringPool;
33  import com.liferay.portal.kernel.util.Validator;
34  import com.liferay.portal.model.User;
35  import com.liferay.portal.security.auth.AutoLogin;
36  import com.liferay.portal.security.pwd.PwdEncryptor;
37  import com.liferay.portal.service.UserLocalServiceUtil;
38  import com.liferay.portal.servlet.filters.BasePortalFilter;
39  import com.liferay.portal.util.PortalInstances;
40  import com.liferay.portal.util.PortalUtil;
41  import com.liferay.portal.util.PropsValues;
42  import com.liferay.portal.util.WebKeys;
43  
44  import java.util.ArrayList;
45  import java.util.List;
46  
47  import javax.servlet.FilterChain;
48  import javax.servlet.http.HttpServletRequest;
49  import javax.servlet.http.HttpServletResponse;
50  import javax.servlet.http.HttpSession;
51  
52  /**
53   * <a href="AutoLoginFilter.java.html"><b><i>View Source</i></b></a>
54   *
55   * @author Brian Wing Shun Chan
56   * @author Raymond Aug�
57   */
58  public class AutoLoginFilter extends BasePortalFilter {
59  
60      public static void registerAutoLogin(AutoLogin autoLogin) {
61          if (_autoLogins == null) {
62              _log.error("AutoLoginFilter is not initialized yet");
63  
64              return;
65          }
66  
67          List<AutoLogin> autoLogins = ListUtil.fromArray(_autoLogins);
68  
69          autoLogins.add(autoLogin);
70  
71          _autoLogins = autoLogins.toArray(new AutoLogin[autoLogins.size()]);
72      }
73  
74      public static void unregisterAutoLogin(AutoLogin autoLogin) {
75          if (_autoLogins == null) {
76              _log.error("AutoLoginFilter is not initialized yet");
77  
78              return;
79          }
80  
81          List<AutoLogin> autoLogins = ListUtil.fromArray(_autoLogins);
82  
83          if (autoLogins.remove(autoLogin)) {
84              _autoLogins = autoLogins.toArray(new AutoLogin[autoLogins.size()]);
85          }
86      }
87  
88      public AutoLoginFilter() {
89          List<AutoLogin> autoLogins = new ArrayList<AutoLogin>();
90  
91          for (String autoLoginClassName : PropsValues.AUTO_LOGIN_HOOKS) {
92              AutoLogin autoLogin = (AutoLogin)InstancePool.get(
93                  autoLoginClassName);
94  
95              autoLogins.add(autoLogin);
96          }
97  
98          _autoLogins = autoLogins.toArray(new AutoLogin[autoLogins.size()]);
99      }
100 
101     protected String getLoginRemoteUser(
102             HttpServletRequest request, HttpServletResponse response,
103             HttpSession session, String[] credentials)
104         throws Exception {
105 
106         if ((credentials != null) && (credentials.length == 3)) {
107             String jUsername = credentials[0];
108             String jPassword = credentials[1];
109             boolean encPassword = GetterUtil.getBoolean(credentials[2]);
110 
111             if (Validator.isNotNull(jUsername) &&
112                 Validator.isNotNull(jPassword)) {
113 
114                 try {
115                     long userId = GetterUtil.getLong(jUsername);
116 
117                     if (userId > 0) {
118                         User user = UserLocalServiceUtil.getUserById(userId);
119 
120                         if (user.isLockout()) {
121                             return null;
122                         }
123                     }
124                     else {
125                         return null;
126                     }
127                 }
128                 catch (NoSuchUserException nsue) {
129                     return null;
130                 }
131 
132                 session.setAttribute("j_username", jUsername);
133 
134                 // Not having access to the unencrypted password
135                 // will not allow you to connect to external
136                 // resources that require it (mail server)
137 
138                 if (encPassword) {
139                     session.setAttribute("j_password", jPassword);
140                 }
141                 else {
142                     session.setAttribute(
143                         "j_password", PwdEncryptor.encrypt(jPassword));
144 
145                     session.setAttribute(WebKeys.USER_PASSWORD, jPassword);
146                 }
147 
148                 if (PropsValues.PORTAL_JAAS_ENABLE) {
149                     response.sendRedirect(
150                         PortalUtil.getPathMain() + "/portal/touch_protected");
151                 }
152 
153                 return jUsername;
154             }
155         }
156 
157         return null;
158     }
159 
160     protected void processFilter(
161             HttpServletRequest request, HttpServletResponse response,
162             FilterChain filterChain)
163         throws Exception {
164 
165         HttpSession session = request.getSession();
166 
167         String host = PortalUtil.getHost(request);
168 
169         if (PortalInstances.isAutoLoginIgnoreHost(host)) {
170             if (_log.isDebugEnabled()) {
171                 _log.debug("Ignore host " + host);
172             }
173 
174             processFilter(
175                 AutoLoginFilter.class, request, response, filterChain);
176 
177             return;
178         }
179 
180         String contextPath = PortalUtil.getPathContext();
181 
182         String path = request.getRequestURI().toLowerCase();
183 
184         if ((!contextPath.equals(StringPool.SLASH)) &&
185             (path.indexOf(contextPath) != -1)) {
186 
187             path = path.substring(contextPath.length(), path.length());
188         }
189 
190         if (PortalInstances.isAutoLoginIgnorePath(path)) {
191             if (_log.isDebugEnabled()) {
192                 _log.debug("Ignore path " + path);
193             }
194 
195             processFilter(
196                 AutoLoginFilter.class, request, response, filterChain);
197 
198             return;
199         }
200 
201         String remoteUser = request.getRemoteUser();
202         String jUserName = (String)session.getAttribute("j_username");
203 
204         if ((remoteUser == null) && (jUserName == null)) {
205             for (AutoLogin autoLogin : _autoLogins) {
206                 try {
207                     String[] credentials = autoLogin.login(request, response);
208 
209                     String redirect = (String)request.getAttribute(
210                         AutoLogin.AUTO_LOGIN_REDIRECT);
211 
212                     if (Validator.isNotNull(redirect)) {
213                         response.sendRedirect(redirect);
214 
215                         return;
216                     }
217 
218                     String loginRemoteUser = getLoginRemoteUser(
219                         request, response, session, credentials);
220 
221                     if (loginRemoteUser != null) {
222                         request = new ProtectedServletRequest(
223                             request, loginRemoteUser);
224 
225                         if (PropsValues.PORTAL_JAAS_ENABLE) {
226                             return;
227                         }
228 
229                         redirect = (String)request.getAttribute(
230                             AutoLogin.AUTO_LOGIN_REDIRECT_AND_CONTINUE);
231 
232                         if (Validator.isNotNull(redirect)) {
233                             response.sendRedirect(redirect);
234 
235                             break;
236                         }
237                     }
238                 }
239                 catch (Exception e) {
240                     if (_log.isWarnEnabled()) {
241                         _log.warn(e, e);
242                     }
243 
244                     String currentURL = PortalUtil.getCurrentURL(request);
245 
246                     if (currentURL.endsWith(_PATH_CHAT_LATEST)) {
247                         if (_log.isWarnEnabled()) {
248                             _log.warn(
249                                 "Current URL " + currentURL +
250                                     " generates exception: " + e.getMessage());
251                         }
252                     }
253                     else {
254                         _log.error(
255                             "Current URL " + currentURL +
256                                 " generates exception: " + e.getMessage());
257                     }
258                 }
259             }
260         }
261 
262         processFilter(AutoLoginFilter.class, request, response, filterChain);
263     }
264 
265     private static final String _PATH_CHAT_LATEST = "/-/chat/latest";
266 
267     private static Log _log = LogFactoryUtil.getLog(AutoLoginFilter.class);
268 
269     private static AutoLogin[] _autoLogins;
270 
271 }